Design an encrypted time-limited API on Client/Server side

iMath redstone-cold at 163.com
Wed Jun 8 12:51:13 EDT 2016


I am planning to design an encrypted time-limited API on both the client and server sides. The server side is written in Django; the client side is a GUI program which calls the API by

    import requests
    c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl})

The way it calls the API is desperately exposed to those who can use network traffic capturing tools like Wireshark and Fiddler, while I don't want anyone else to be able to call the API with their customized videoUrl, and if people made the POST call with the same parameters 2 minutes after the client initially made the call, the call should be valid or expired, so how to design the encrypted time-limited API on both the client and server sides in this case?

P.S. I think adding an identifier to the POST data could prevent them from using the API

    import requests
    c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl, 'identifier': value_of_identifier})

provided there is something encrypted in the value_of_identifier and it changes with each call, but I don't know how to get started. Any ideas?

It would be better to show some code; I really don't know which modules to use or how to start writing the code.
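One way to build the per-call identifier asked about above, as an added example that is not part of the original post: the client sends a timestamp, a random nonce and an HMAC-SHA256 over them and the videoUrl, and the server rejects a changed videoUrl, a request older than 2 minutes, or a nonce it has already seen. The names SECRET_KEY, MAX_AGE, sign_request and Verifier, the ts and nonce fields, and the in-memory nonce store are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: key shared by client and server (constructed sample value).
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 120  # seconds: the 2-minute limit from the post
FIELDS = ("videoUrl", "ts", "nonce", "identifier")


def _mac(video_url, ts, nonce):
    # Length-prefix every field so their boundaries cannot be shifted.
    msg = "".join(f"{len(p)}:{p}" for p in (video_url, ts, nonce))
    return hmac.new(SECRET_KEY, msg.encode(), hashlib.sha256).hexdigest()


def sign_request(video_url, now=None):
    """Client side: POST data carrying a fresh identifier for each call."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return {"videoUrl": video_url, "ts": ts, "nonce": nonce,
            "identifier": _mac(video_url, ts, nonce)}


class Verifier:
    """Server side: call verify(request.POST) in the Django view."""

    def __init__(self):
        self._seen = {}  # nonce -> expiry; use a shared cache across workers

    def verify(self, data, now=None):
        now = time.time() if now is None else now
        try:
            url, ts, nonce, ident = (str(data[k]) for k in FIELDS)
            sent_at = int(ts)
        except (KeyError, ValueError):
            return False  # missing or malformed field
        expected = _mac(url, ts, nonce)
        if not hmac.compare_digest(expected.encode(), ident.encode()):
            return False  # videoUrl was changed, or the key is wrong
        if abs(now - sent_at) > MAX_AGE:
            return False  # older than 2 minutes (or clock far ahead)
        # Drop nonces whose requests have expired anyway.
        self._seen = {n: e for n, e in self._seen.items() if e >= now}
        if nonce in self._seen:
            return False  # captured request sent a second time
        self._seen[nonce] = sent_at + MAX_AGE
        return True
```

Because the key ships inside the GUI program it can be extracted from it, so this limits replay and tampering of captured traffic rather than authenticating the client. Sending the request over HTTPS keeps the traffic from being readable in the first place.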


